The latest version of India's Personal Data Protection bill could require companies to gain permission before using individuals' personal data, and citizens would be able to demand their data be erased, The New York Times reports. The rules would also place fewer restrictions on the government, which would be allowed to request anonymized and non-personal data from companies. The latest version of the bill circulated this week. According to Financial Times, it was introduced to India's parliament today.
While some compare India's proposed rules to Europe's General Data Protection Regulation (GDPR), others say India is moving toward policies seen in China. For instance, India's proposed regulations place fewer restrictions on the government's use of sensitive data, including biometric data, NYT points out.
India has been working on its data policies for years, and critics, including US senators, have asked Prime Minister Narendra Modi to soften the country's stance on data localization, which could require cloud and online shopping data to remain in the country. This version of the bill includes requirements that certain "sensitive" and "critical" data, like financial, health and biometric info, remain in the country, but it's less strict than previous versions, FT reports.
The current parliament session ends December 13th, so chances are, this bill will not be voted on until the next session.